.htaccess Password Protect Directory timer problem

HTML & CSS
1

Hi,

I have password protected a directory on my website using the .htaccess password protection method as detailed on many tutorial websites on the internet.

It works well. However I have a couple of questions…

  1. When I first visit the password protected directory it asks me for the password but if I return to the same directory using the same browser 24 hours later it doesn’t ask me for the password again. This presents security problems if I were to visit the password protected directory on a shared community in an Internet cafe for instance. Is there a way of adding a timer or some other means of resolving this problem.

  2. I have protected the directory by placing a .htaccess password protecting file in the directory I want to protect. I also have another .htaccess file in the root directory of my website (this does not password protect anything, it just has php_value magic_quotes_gpc off command). Is it wise to have 2 .htaccess files? Wouldn’t it be better to have just one .htaccess file in the root that password protects the directory www.mysite.com/admin. I can’t figure out how to do this though.

Many thanks for your time,

Leao

2

  1. Did you close the browser between the first visit and the subsequent visit 24 hours later? If not, it’s the normal behavior; browsers remember HTTP Auth logins until they are closed.

  2. Not a problem. It would be a pain to manage if you had a gazillion .htaccess files everywhere, but just two .htaccess files is fine :slight_smile:

3

Cheers Scallio